credential.acme.yaml
68 lines (68 loc) · 2.47 KB
title: Asset:Credential ACME
description: A reference to an ACME identity.
payload:
  declarationtype: com.apple.asset.credential.acme
  supportedOS:
    iOS:
      introduced: '17.0'
    macOS:
      introduced: '14.0'
    tvOS:
      introduced: '17.0'
    watchOS:
      introduced: '10.0'
payloadkeys:
- key: Reference
  type: <dictionary>
  presence: required
  content: The external reference. The asset data must be a JSON document representing
    the "com.apple.credential.acme" credential type. The asset data must be returned
    using a media type of "application/json". If a "ContentType" sub-key is included,
    it must be set to "application/json".
  subkeys:
  - key: DataURL
    type: <string>
    presence: required
    content: The URL that hosts the credential data. The URL must start with 'https://'.
  - key: ContentType
    type: <string>
    presence: optional
    content: The media type that describes the data.
  - key: Size
    type: <integer>
    presence: optional
    content: The size of the data at the 'DataURL'. Use this value to verify that
      the returned data is the expected data. Use this value to detect when the data
      changes.
  - key: Hash-SHA-256
    type: <string>
    presence: optional
    content: |-
      A SHA-256 hash of the data at the 'DataURL'. Use this value to verify that the returned data is the expected data. Use this value to detect when the data changes.
      If 'Size' is '0', clients need to ignore this value or set it to an empty string.
- key: Authentication
  type: <dictionary>
  presence: optional
  content: The server authentication details.
  subkeys:
  - key: Type
    type: <string>
    presence: required
    rangelist:
    - MDM
    - None
    content: |-
      Type of authentication:
      * MDM - a request using MDM semantics (includes the device identity certificate, and any user authentication). Equivalent to an MDM request made to the CheckInURL or ServerURL. This option can only be used when using declarative device management.
      * None - a standard GET request is carried out.
- key: Accessible
  type: <string>
  presence: optional
  rangelist:
  - Default
  - AfterFirstUnlock
  default: Default
  content: |-
    The keychain accessibility that determines when the keychain item is available for use.
    * Default - the most restrictive accessibility that still satisfies all uses of the asset by configurations that reference it
    * AfterFirstUnlock - the keychain item is only available after first unlock of the device